Cyber Security

Helping local businesses with cyber security by protecting their IT systems, staff training and best practice processes/habits for a safe work space.

Today’s business environment is full of cyber security risks, we take a proactive approach to security but we also understand that you need to run a business. We use enterprise class software to provide the most secure environment for our customers taking the best practice developed by enterprise organisations and deploying it in a suitable way for the small and medium sized business market.

The Problem

We have seen an increase in the number of customers affected by cyber attacks during the last year. This is no longer just a threat that the big companies face and the phishing and ransomware problem appears to be increasing. Ransomware is a threat that effectively removes access to your data by encrypting it. This encryption changes the way the data is written so that it can only be read if you have a special key to unlock the data. The only way to get the decryption key is to pay the money and hope that it works. There are time limits on how long you are given to respond and after that limit the data is unrecoverable and must be restored.

When devices are infected with this ransomware we have seen large volumes of data encrypted in a short space of time , in one case 250,000 files in 20 minutes.

The difference between traditional viruses, malware and ransomware is that ransomware is aimed at getting money from the victim whereas viruses and malware have the intention of causing damage.

The phishing attacks that we are seeing are becoming increasingly more complex and involve the attacker impersonating a known contact to obtain money typically by asking for account details to be changed or invoices to be paid.

The Solution

We have put together a number of systems to protect our customers data and this is made up of changes to the company pc's and servers and the deployment of additional software and scanning services. There needs to be a combination of solutions, known as security layers that are put in place.

In conjunction with the technology we also need to implement good working processes and employee training.

1. End User Training and Best Practices:We need to train end users in good security practices and to identify the potential threats, such as suspicious emails or unusual files.Employee training is critical in the overall solution and could form a layer of defence in its own right especially when dealing with phishing attacks. Arrange A Session

2. Good Backups:We are moving more towards online backups now as it gives us a greater level of protection, it can be automated and doesn't require user interaction. If the worst should happen and we need to recover from a disaster, we can restore whole systems to our office on to new or spare equipment for recovery. In many cases we run this backup in parallel with existing systems if customers have them. Adding a monthly test restore is important, knowing that data recovery has been tested and proven is important. Backup Solutions

3. Endpoint Security:We have found that we need to increase the level of protection that our customers have. We are primarily using two products, Sophos Cloud anti-virus and Sophos Interceptx. The first product is traditional anti-virus and is designed to stop the traditional viruses and malware and the second product is specifically aimed at protecting against these threats labelled as "ransomware". Security Software

4. Mail Filtering:We have started deploying a solution from Mimecast who are the market leaders in scanning and removing threats from e-mails as well as rejecting spam. This is done before the e-mail is delivered to the end user. Email Solutions

5. Web Filtering:Many threats are delivered now by browsing to compromised sites where the virus or ransomware is hidden waiting to be downloaded. We recommend implementing a filtering system that scans employee access to the Internet and will block sites listed as being infected or suspicious. Security Software

6. Firewall & System Updates:The firewall is designed to protect the network from external unauthorised access and should be updated on a regular basis and included in the cyber security process. Company workstations and servers need to have the latest security updates; we prefer to agree a proactive maintenance plan with our customers to ensure that internal systems remain secure. Hardware Solutions

Employee & Customer Data

Password Vault

Cyber Security Blog

Cyber Security Sessions

How Does This Benefit My Business?

We're helping businesses deal with challenges around:

Data Protection / Password Control

Cyber Security

Next year’s General Data Protection Regulations (2018)

Hopefully you can join us for a coffee/tea and bacon/sausage toasty at one of our Tuesday morning (9 am) free cyber and e-security training sessions at our office in Portsmouth, where we will cover basic topics on how to keep your business safe from cyber threats. They start at 9am.

We will provide an overview in plain English of the risks and threats to your business and show some practical advice and guidance to reduce your exposure in a short workshop (Approx. 1 hour).

No Obligation or Cost

This event is no obligation or cost, but we would love you to participate, enjoy our hospitality and network with like-minded business managers. We will have a questions and answers session where you can raise any concerns that you may have that could be specific to your company or personal systems.

If your company runs a quality management system, then this will be an ideal opportunity to review some processes and procedures and discuss how to implement basic processes to increase the level of protection.

Topics Covered

The workshop will cover the following topics and will be kept restricted to small groups of 5-6 to ensure a friendly atmosphere.

Who is at risk?

How do these attacks start and what signs are there?

How should you react?

What measures can you implement to reduce the number of attacks getting through and limit their success?